HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Host Intrusion Detection System Software

Table 51 Reporting Options Supported by idsadmin (continued)

DescriptionOption

Used with the --e-mail-to reporting

options. Subject line of an e-mail message

containing a report. Text must be enclosed in

double quotes if it contains white spaces. This

option can be specified only from the

command line and not from the interactive

menu prompt.

--e-mail-subject TEXT

Specifies that only alerts generated on or

before the specified date are reported. The

date/time is interpreted as local time on the

host on which idsadmin is run, not as the

local time on agent host(s). The default is the

current time. If YYYYMMDD is specified but not

HHMMSS, then HHMMSS defaults to 235959

(11:59:59 PM).

--end-date YYYYMMDD[HHMMSS]

Used with the --report-format (with raw

option) reporting option. Specifies the

delimiter character when printing alert reports

in raw format. The default is the pipe (|)

character.

--report-delimiter CHAR

Specifies the format of the generated report.

The default is html.

--report-format html | txt | raw

Specifies a file PATHNAME to override the

default location where an alert report is stored

or to specify that the alert report must be

printed to stdout in addition to being stored

in the default location. If PATHNAME is set to

/dev/null, then the --e-mail-to option

must be specified and the alert report will not

be stored persistently in a file. By default, alert

reports are stored in /var/opt/ids/

reports/

HIDS_Report_date.[text|html|raw].

--report-output stdout | PATHNAME

Convert and display all UTC timestamps in

UTC or local date/time string, where the local

date/time is the local time on the admin host

that is not necessarily the same as the local

time on the agent host(s). This option does not

apply to the date/time string value generated

by an agent and that represents the local time

on the agent host. The default is utc.

--report-time utc | local

If set to multihost, generate a consolidated

alert listing across all specified agent hosts.

If set to perhost, generate an individual

alert listing per agent host. If set to persrp,

generate an individual alert listing per

Container (SRP) in an agent host. Use persrp

option only if the agent is configured to

monitor HP-UX Containers (HP-UX SRP). If

multihost is specified and the report only

contains an alert listing for one agent, an

individual report is generated instead. The

default value is multihost.

--report-type multihost | perhost |persrp

180 Tuning Schedules and Generating Alert Reports